SYMBOLCOMMON_NAMEaka. SYNONYMS
elf.exaramel (Back to overview)

Exaramel

Actor(s): TeleBots


There is no description at this point.

References
2021-04-29ESET ResearchRobert Lipovsky, Matthieu Faou, Tony Anscombe, Andy Garth, Daniel Chromek
@techreport{lipovsky:20210429:eset:ff67b6c, author = {Robert Lipovsky and Matthieu Faou and Tony Anscombe and Andy Garth and Daniel Chromek}, title = {{ESET Industry Report on Government: Targeted but not alone}}, date = {2021-04-29}, institution = {ESET Research}, url = {https://www.welivesecurity.com/wp-content/uploads/2021/04/ESET_Industry_Report_Government.pdf}, language = {English}, urldate = {2021-05-03} } ESET Industry Report on Government: Targeted but not alone
Exaramel Crutch Exaramel HyperBro HyperSSL InvisiMole XDSpy
2021-03-03DomainToolsJoe Slowik
@online{slowik:20210303:centreon:f590f6e, author = {Joe Slowik}, title = {{Centreon to Exim and Back: On the Trail of Sandworm}}, date = {2021-03-03}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/centreon-to-exim-and-back-on-the-trail-of-sandworm}, language = {English}, urldate = {2021-03-06} } Centreon to Exim and Back: On the Trail of Sandworm
Exaramel PAS
2021-02-16Twitter (@craiu)Costin Raiu
@online{raiu:20210216:twitter:97496ec, author = {Costin Raiu}, title = {{Twitter thread on Exaramel Linux backdoor used by Russian Group Sandworm}}, date = {2021-02-16}, organization = {Twitter (@craiu)}, url = {https://twitter.com/craiu/status/1361581668092493824}, language = {English}, urldate = {2021-02-20} } Twitter thread on Exaramel Linux backdoor used by Russian Group Sandworm
Exaramel
2021-02-15WiredAndy Greenberg
@online{greenberg:20210215:france:b543876, author = {Andy Greenberg}, title = {{France Ties Russia's Sandworm to a Multiyear Hacking Spree}}, date = {2021-02-15}, organization = {Wired}, url = {https://www.wired.com/story/sandworm-centreon-russia-hack/}, language = {English}, urldate = {2021-02-20} } France Ties Russia's Sandworm to a Multiyear Hacking Spree
Exaramel Exaramel
2021-01-27CERT-FRCERT-FR
@techreport{certfr:20210127:sandword:7f2e586, author = {CERT-FR}, title = {{Sandword Intrusion Set: Campaign Targeting Centreon Ssystems}}, date = {2021-01-27}, institution = {CERT-FR}, url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf}, language = {English}, urldate = {2021-03-02} } Sandword Intrusion Set: Campaign Targeting Centreon Ssystems
Exaramel PAS Exaramel
2020-01DragosJoe Slowik
@techreport{slowik:202001:threat:d891011, author = {Joe Slowik}, title = {{Threat Intelligence and the Limits of Malware Analysis}}, date = {2020-01}, institution = {Dragos}, url = {https://pylos.co/wp-content/uploads/2020/02/Threat-Intelligence-and-the-Limits-of-Malware-Analysis.pdf}, language = {English}, urldate = {2020-06-10} } Threat Intelligence and the Limits of Malware Analysis
Exaramel Exaramel Industroyer Lookback NjRAT PlugX
2018-10-11ESET ResearchAnton Cherepanov, Robert Lipovsky
@online{cherepanov:20181011:new:8e588c3, author = {Anton Cherepanov and Robert Lipovsky}, title = {{New TeleBots backdoor: First evidence linking Industroyer to NotPetya}}, date = {2018-10-11}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2018/10/11/new-telebots-backdoor-linking-industroyer-notpetya/}, language = {English}, urldate = {2019-11-14} } New TeleBots backdoor: First evidence linking Industroyer to NotPetya
Exaramel EternalPetya Exaramel Industroyer
2017-05-31MITREMITRE ATT&CK
@online{attck:20170531:sandworm:1a9a446, author = {MITRE ATT&CK}, title = {{Sandworm Team}}, date = {2017-05-31}, organization = {MITRE}, url = {https://attack.mitre.org/groups/G0034}, language = {English}, urldate = {2022-08-25} } Sandworm Team
CyclopsBlink Exaramel BlackEnergy EternalPetya Exaramel GreyEnergy KillDisk MimiKatz Olympic Destroyer Sandworm

There is no Yara-Signature yet.